Scot L. Harris wrote:
> Actually this won't reduce any bandwidth to your server. The probes
> still hit that address, you are just blocking those packets in iptables
> from being able to get any further.

Are you saying that the single connect-and-drop that this scheme introduces is going to use the same bandwidth as a brute-force password attack on hundreds of login names?

> If you could implement this further up the line then you could reduce
> traffic to your servers.

Sure, that would be good. <SARCASM> Do you think I can get SBC to implement custom filtering for our DSL? </SARCASM> ;)

> Putting a blanket deny on traffic from specific IP ranges is effective
> if attacks are coming from those ranges. The problem is that hackers
> will typically want to use an intermediate site to launch an actual
> attack from. This makes it harder to trace the actual source of the
> attack. At least good hackers do this. Script kiddies don't know to do
> this.

If you read the article, you'll see that the author suggests that the traffic is probably coming from zombied personal machines in the far east occurring as a result of a lack of security knowledge and awareness in those new to the net.

I don't expect this to be perfect, just an additional step to protect my servers.

Kirk Bocek